Bug Description

I want to set up a package repository on my home (cable modem-based) server that
can scale to many Internet clients.

Since my use is non-commercial, the Coral Cache <http://www.coralcdn.org/> can
be used to distribute the package files. I want to count downloads, so I can
get a sense of how popular my packages are. So, I want to store my package
files in an HTTP-accessible directory and have Apache redirect packages to the
Coralized URL. That way, a client's apt-get install with hit my server, which
will return a "302 Found" redirect to the Coral cache; I count package hits
without serving the huge files.

Unfortunately, apt doesn't handle redirects at all; it treats all 3xx HTTP
responses from the web server as errors.

(In reply to comment #3)
> (In reply to comment #2)
> > Support for apt redirection is available in the
> > <email address hidden>/apt--http-authentication--0
>
> Interesting. How does one check this out? (I've only ever used cvs and svn
> before.)

Sorry, I should have been more verbose. You need to install the package "bazaar".
Then run:
$ baz register-archive http://people.ubuntu.com/~mvo/arch/ubuntu
$ baz get <email address hidden>/apt--http-authentication--0
apt--http-authentication
$ cd apt--http-authentication
$ debian/rules arch-build
and then you find the deb packages in debian/arch-build

> Also, on what timeframe will this be distributed with Ubuntu? With Debian?

I can't give you a timeframe. It depends on what Matt thinks about the code.
Testing is welcome.

I can see this facility to be desirable in several instances, including
- temp redirects when mirrors are in the process of being updated
or undergoing maintainance.
- redirects to software that is stored in .deb format, but not in
an apt-able archive.

Looking at the http method, it seems like it would be pretty easy to
enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is
definitely a hack (it messes up concurrent downloads?), and what we
really need, I think, is a new message we can pass back to apt:

30x URI Redirection

Then, apt can re-issue a 600 to the appropriate method. Is this being
worked on? I need it for a project I'm doing...

> Looking at the http method, it seems like it would be pretty easy to
> enqueue new (HTTP) URIs for redirects in http.cc. That "solution" is
> definitely a hack (it messes up concurrent downloads?), and what we
> really need, I think, is a new message we can pass back to apt:
>
> 30x URI Redirection
>
> Then, apt can re-issue a 600 to the appropriate method. Is this being
> worked on? I need it for a project I'm doing...

Doing redirects is extremly risky, you may not get the file you requested
after following the redirect, and it tends to hide misconfigured mirrors.
I am not super interested in having it supported by default.

Generajing redirect messages is probably the best way to do it, but that
is somewhat complicated to get right.

Hi,
I think the "mirror" method Michael Vogt described above is useful in many situation. In other situations, it would be highly preferable to simply have apt honor 3xx status codes and follow redirects. I can see no reason why this should be either hard or insecure. Speaking of security, as long as the packages are signed, the signatures are valid and the keys used for the signatures can be trusted: What are the implications here?

I would like the maintainers of apt/aptitude to reconsider implementing redirection in apt/aptitude.